But do these prior systems provide the follwing set of functions?
"comprising the steps of : the consumer causing personal health data to be stored in a secure repository, said repository requiring authentication of the consumer's identity before the consumer is provided access to the repository; the consumer selecting items of personal health data to share and identifying a health care provider, or class of health care providers, to whom access will be provided for those items of personal health data; a health care provider providing authentication of their identity to the consumer's secure repository and being provided access to those items of personal health data of the consumer for which the health care provider has been identified for sharing; the health care provider using the personal health data of the consumer to determine health care advice or the provision of a health care service for the consumer; and the health care provider recording details of the consultation and the advice or service provided to the consumer in the secure repository of health data of the consumer." Quoted from Claim 1 of http://v3.espacenet.com/textclam?CY=ep&LG=en&F=4&IDX=WO02073456&DB=EPODOC&QPN=WO02073456
Prior art that do not "read on" the claims of the patent are not relevant to this discusssion. Specifically, subset implementation does not infringe a patent. This means if we build software that does not do all the steps spelled out above, it does not infringe.
Yes, Andrew is correct - prior art needs to be specific to the claims, although the prior art does not need to be contained in a single document, as long as the connections between the prior art would be obvious to a person skilled in the domain.
The burden of proof for novelty was recently tightened under Australian law (thank goodness for small mercies!), but unfortunately those changes only affect applictaions lodged after 1 April 2002, and the patent application in question was lodged on 14 March 2002.
However, I have just revisited Ross Anderson's privacy principles which he developed for the British Medical Association, published in the BMJ and elsewhere in 1996, and available in full form here: http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html
Andersons' paper describes patient-controlled access control lists, as well as data item-specific access control. He doesn't use the word "template" but does, of course, use the term access control lists, and the patent application describes a "template" as being a list.
Tim C
signature.asc
Description: OpenPGP digital signature
